Cybersecurity

Sextortion Investigations

Published on: August 19, 2013 | by Law Offices of Salar Atrizadeh

On August 14, 2013, the FBI confirmed its investigation regarding a sextortion case involving several women, including the recently-crowned Miss Teen USA, Cassidy Wolf. While the FBI did not release any information regarding the investigation or potential suspects, they did say the investigation has been going on for several months. Do you store personal information and photographs on your computer? Do you or your children use computers with webcam capabilities? If so, you might be at risk for cyber-stalking and sextortion. At the Law Offices of Salar Atrizadeh, an attorney with experience and knowledge in the most recent cyberspace law can help you learn how to protect yourself against cyber attacks such as these.

What Is the Extent of the Sextortion Threat In the Community?

Cassidy Wolf had said in an interview that she had received an email from an anonymous source who claimed to have nude pictures of her. The anonymous source then attempted to extort her, threatening to make the pictures public otherwise. Apparently, a hacker was able to break into Cassidy Wolf’s computer, turn on her webcam, and take pictures of her. For Miss Wolf, this controversy came after the hacker cyber-stalked her through her computer.

Cyber Threats: Phishing and Spoofing

Published on: May 27, 2013 | by Law Offices of Salar Atrizadeh

As cyberspace becomes a larger part of everyday life, the threat of cybercrimes becomes more prevalent. Consumers conduct all sorts of business over the Internet, which involves storing and transferring personal information on various online sites. Accordingly, the wealth of personal information available over the Internet has drawn in a new type of crime–phishing and spoofing. Cybercriminals disguise as other people, or legitimate business entities, and they entice consumers to give out personal information, such as bank account numbers. These tactics also help cybercriminals steal people’s identities.

What is the Difference Between Phishing and Spoofing?

Phishing is the practice of posing as a legitimate business entity to trick consumers into turning over personal information, such as passwords and bank account numbers. The cybercriminals then use this information to break into accounts and transfer money. They may also use this personal information to apply for credit cards, spend extravagant amounts of money, and ruin people’s credit. This is how cyber criminals perpetuate identify theft through phishing. With the right personal or financial information, cybercriminals disguise as other people, building up exorbitant debt against the victim.

Defending Against the Growing Threat of Identity Theft

Published on: April 21, 2013 | by Law Offices of Salar Atrizadeh

Few crimes affect as broad a scope of people as identity theft. With social networks, credit cards, personal information, and contact information so interconnected, perpetrators can trespass into a person’s life by breaking past a single password-protected account. Accordingly, the Los Angeles County District Attorney’s Office has created a special division to aggressively prosecute this serious crime. Indeed, the District Attorney’s Office has indicated that it would pursue all cases of identity theft, regardless of how minor. This category of illegal activity includes everything from simply possessing information on another’s identity without their permission to using such information to obtain a credit card or make purchases.

In California, identity theft laws are especially strict because perpetrators can be convicted of felony identity theft regardless of whether the victim suffers financial harm as a result of the identity theft. In fact, signing someone else’s name on an official document may constitute identity theft, depending on the circumstances. Often, identity thieves work as members of larger organizations, which assemble and carry on large networks of identity theft. Someone may be accused of identity theft simply by association with members of such a network. Under California Penal Code § 530.5(a) to maintain a case of identity theft, the district attorney will need to show that a defendant intentionally obtained “personal identifying information” without the consent of the person, to use “for any unlawful purpose.” Defendants may be able to avoid prosecution for identity theft if they can present evidence to show that they obtained the identifying information with the person’s consent.

The most common identity theft cases include illegal credit cards, fake identification cards, stolen social security numbers, purchases with stolen credit cards, and skimming. Skimming involves installing a skimmer to illegal obtain identification and credit card information from card machines in retail stores and gas stations. Identity theft also involves cyber crimes such as phishing or spoofing.

IMAGiNE Group Faces Counts of Criminal Copyright Infringement

Published on: April 2, 2013 | by Law Offices of Salar Atrizadeh

After an investigation by U.S. Immigration Customs Enforcement’s Homeland Security Investigations unit, U.S. District Judge Arenda L. Wright found members of IMAGiNE Group guilty of criminal copyright infringement. The court found IMAGiNE Group, an Internet piracy circle, guilty of perpetuating an effort to release movies available only in movie theaters. A representative of the Motion Picture Association of America testified that IMAGiNE was responsible for the most expansive effort to release pirated films between September 2009 and September 2011.

Judge Wright sentenced Jeremiah B. Perkins, a leading member of IMAGiNE, to prison and ordered him to pay $15,000 in restitution damages. After prison, Perkins will also face three years of supervised release. Perkins was responsible for recording films in theaters and compiling data into complete movie files to share on the Internet. Perkins admitted to renting computers, registering domain names, and opening email and PayPal accounts to help run IMAGiNE’s operation.

The National Intellectual Property Rights Coordination Center (“IPR Center”) within the United States Department of Homeland Security has supported the underlying investigation in this case. This center is one of the federal government’s greatest weapons in the fight against counterfeiting and piracy. The IPR Center works closely with other agencies within the Department of Justice to facilitate information sharing in an effort to establish and enforce initiatives that deter intellectual property theft. This case was part of the IPR Center’s greater effort to hinder and stop the spread of intellectual property theft. Attorney General Eric Holder instigated these efforts in response to the increasing crimes against intellectual property. Additionally, in light of recent news concerning threats of international cyber attacks, these efforts also go a long way towards protecting American consumers, their health, and their safety. Preventing intellectually property theft also protects the American economy by prohibiting outside parties from profiting on American products and intellectual property. The IPR Center aims to increase intellectual property right protections by implementing stricter criminal and civil liability for property right infringements. Additionally, the IPR Center seeks to organize greater coordination among federal, state, and local law enforcement agencies. Finally, the task force aims to refocus efforts on international property right protections by establishing and strengthening relationships with foreign governments.

Threat of International Cyber Attacks

Published on: March 11, 2013 | by Law Offices of Salar Atrizadeh

The news outlets have been reporting that the Chinese have allegedly been hacking into American infrastructures. Assuming this report is accurate, the United States is not equipped to handle the consequences of such an attack. These hackers would possess the power to disable the critical infrastructure in this country, eliminating electricity, gas, water, and all major transit systems. Indeed, earlier this year, both The New York Times and The Wall Street reported that hackers had infiltrated their systems and stolen confidential employee information. The New York Times has further reported that it has been experiencing constant attacks from the Chinese in an attempt to control information that pertains to China. The Ministry of National Defense in China denies any such cyberattack on The New York Times. In light of these recent developments, it has become increasingly important for individuals and businesses to take steps to ensure their cyber protection. By serving California and Washington D.C., the skilled attorneys at the Law Offices of Salar Atrizadeh successfully work on legal matters pertaining to cybersecurity and Internet law.

The former Secretary of Defense, Leon Panetta, has described the scene that will unfold after such an attack as a “cyber Pearl Harbor.” Indeed, these hackers could possess software with the capacity to destroy infrastructure hardware. Such an attack would spread chaos throughout the country for months while the government works to restore its vital systems. Pointing to the failed Cybersecurity Act of 2012, Panetta has called upon the private citizens and businesses to act to secure their cybersecurity. Hillary Clinton, former Secretary of State, confirmed that this was a crisis that required global attention.

These instances of “cyberterrorism” threaten to cause damage far beyond the destruction of 9/11. Mandiant, a cyber-security company based in the United States, traces these cyber-attacks to the People’s Liberation Army, the Chinese military. The efforts in America to make sense of these attacks have not led to any definitive answers. The dangers of cyber-attacks are apparent in the recent attack on Aramco, the Saudi Arabian oil company. The attack consisted of a virus, which destroyed 30,000 Aramco computers, and replaced essential files within the system with an image of an American flag burning. There was also a reported cyber-attack on Telvent (now known as Schneider Electric), an international corporation that provides companies with the network and connections to remotely control power grids, oil pipelines, and gas pipelines. It remains unclear whether the hacking efforts are meant to steal confidential information, or whether the hacking is part of a larger scheme to derail vital American infrastructures. Indeed, the threat may not be limited to the Chinese, but rather part of a greater effort to launch an attack against American cybersecurity. This certainly poses a threat not only for national security, but also for individual cyber-security involving consumers and businesses that compose and participate in the crucial business and technology infrastructures.

President Obama Signs an Executive Order to Protect Cybersecurity

Published on: March 4, 2013 | by Law Offices of Salar Atrizadeh

In light of recent news that America’s cyber-network is vulnerable to outside attack, President Obama signed an Executive Order to improve cyber-security for the nation’s “critical infrastructure.” According to the Order, “critical infrastructure” applies to the vital physical and virtual systems in the United States that are essential to the country’s economic security, public health, and safety. This definition is in line with the definition of “critical infrastructure” in the Cybersecurity Act of 2012, which the federal government failed to pass.

The Executive Order is meant to promote greater information sharing among members of the same network. This will ensure that all network providers are adequately aware of potential threats to the system in time to plan and implement an effective response. Accordingly, American companies now bear the responsibility of evaluating whether “critical infrastructure” applies to their operations. Alternatively, the Executive Order may also apply to companies that provide goods or services to other companies that the Executive Order implicates. In this case, the Executive Order would also apply to the companies that provide the goods or services. These companies would then bear the same responsibility to abide by the Executive Order and participate in the information-sharing network.

The Executive Order also requires various federal agencies to participate in this network. The Office of the Attorney General, the Department of Homeland Security, and the Office of National Intelligence, among others, are responsible for participating to create an information-sharing network. Such a network will make it easier to detect and ward off cyber-threats. Additionally, the information-sharing network will allow the participating agencies to quickly notify the President of any legislation that is necessary to further protect the nation’s cyber-network. Furthermore, a working and productive network will incentivize other agencies and companies to join the network. Increased participants will improve the breadth of the network, work to expand the reach of the network, and add to the information that is available within the network.

FTC Adopts Amendments to the Child Online Privacy Protection Act

Published on: February 19, 2013 | by Law Offices of Salar Atrizadeh

In 1998, Congress passed the Children’s Online Privacy Protection Act (“COPPA”) to ensure online privacy for children under the age of thirteen. Under this Act, online operators must obtain parental consent before they begin to collect information about online users under the age of thirteen. The Federal Trade Commission (“FTC”) implements and enforces COPPA. In December 2012, the FTC adopted the first significant amendments to COPPA since the inception of this federal law in 2000.

In 2010, the FTC began to review the terms of COPPA to determine whether changes in the cyber community would require amendments to the Act. The FTC felt that COPPA would potentially require amendments in order to keep pace with the fast-changing nature of the Internet. Before drafting any such amendments, the FTC invited interested businesses and third parties to communicate their suggestions for changes that would help improve this law. After this process, the FTC adopted three significant changes to the Act.

First, the FTC expanded COPPA’s reach to include applications, plug-ins, and advertisement networks that could potentially gather personal information about children under the age of thirteen. Although, this was a controversial addition to COPPA, the FTC was able to compromise by indicating that COPPA will only apply to these online operators if the operator is aware that it is collecting information about children. Next, the FTC expanded COPPA substantially so that it applies to a wider range of personal information subject to the Act’s regulations. Under the 2012 amendments, “personal information” now includes online contact information such as instant messaging usernames, voice over Internet protocol (“VOIP”) identifiers, video chat user data, any other screen names that serve to identify users individually. The Act will also cover “persistent identifiers,” which include IP addresses, profile pictures, or audio files that contain a child’s voice. Finally, the FTC has revised the acceptable means of obtaining parental consent. Pursuant to COPPA, online operators must obtain parental consent before collecting personal information about a child. Under the 2012 amendments, these online operators can now accept consent by a parent’s use of an online payment system, by a parent’s confirmation through video conference with trained personnel, and by verifying a parent’s identification with government-issued identification. These amendments aim to protect children’s privacy in the quickly changing environment of online operators and in light of the constant advancements in the Internet community.

Legal Implications of Online Impersonation

Published on: January 7, 2013 | by Law Offices of Salar Atrizadeh

The possibility of identity theft is a growing concern. However, banks, credit card companies, and various other institutions that house private information regularly take steps to protect customers’ identities. Nonetheless, a different type of identity theft continues to thrive. Online impersonation is a quick and easy form of identity theft that takes place over the Internet. It is an easy type of identity theft given the breadth and convenience of social media and expanding networking sites. However, in light of the Sandy Hook Elementary School incident, state and federal authorities are considering the possibility of bringing criminal charges for online impersonation.

State legislatures called for laws against online impersonation following the case of Megan Meier, a 13-year-old girl who killed herself after a woman impersonated a boy and engaged in cyberbullying. After the Sandy Hook shooting, people began posting incorrect information about the shooting and the suspect. Others began posing as the shooter and staging crime scenes similar to the shooting. Connecticut State Police Lieutenant J. Paul Vance called attention to this matter in a public press conference. He noted that these posts, in addition to being highly inappropriate, were also threatening and criminal in nature.

A spokesman for Commissioner Reuben Bradford stated that, harassing anyone who was a victim of the shooting would be criminally prosecuted. He noted that harassment would not only include in person contact, but also harassment through via the Internet and social media sites. Charges could include criminal impersonation and criminal misrepresentation. California and several other states have established online impersonation as a criminal offense. Critics argue that criminal regulations that prohibit online impersonation may arm interest groups with the power to suppress speech. For example, Electronic Frontier Foundation argues that such laws could silence groups like The Yes Men, which utilizes online impersonation as a form of commentary on the government and large corporations.

Cloud Computing

Published on: December 17, 2012 | by Law Offices of Salar Atrizadeh

Cloud computing offers a revolutionary new way to conduct business over the Internet. This service is a form of cyber-outsourcing where virtual servers provide certain services or applications for consumers online. Cloud computing vendors include, IBM SmartCloud, Cisco Cloud Computing, Amazon Elastic Compute Cloud (aka Amazon EC2), and various smaller vendors. These providers offer a range of services including storage services and spam filtering.

There are various forms of cloud computing available over the Internet. Managed Service Providers (“MSPs”) are the oldest form of cloud computing. A “managed service” is an application such as virus scanning for email or anti-spam services. The most common form of cloud computing is through Software as a Service (“SaaS”), which delivers an application to multiple customers through a browser using a multi-tenant architecture. Customers benefit because they do not have to invest in servers or purchase software licenses. Providers benefit because they are able to reduce costs because they only need maintain one application for their multiple customers. Salesforce.com is a well-known example of SaaS cloud computing, but Google Cloud Storage is a fast growing option as well.

Similar to SaaS computing, some providers offer Application Programming Interfaces (“APIs”), which allow developers to offer certain functions over the Internet without having to offer entire applications. These functionalities range from specific business services to wider-ranging APIs, such as Google Maps. Another version of SaaS computing allows users to develop their own application and offer the application through a provider’s infrastructure over the Internet. The developers are limited by the provider’s capabilities, but the developers benefit from the established predictability. Google App Engine is an example of such cloud computing.

Privacy Concerns in the Changing Face of the Internet and Technology

Published on: November 11, 2012 | by Law Offices of Salar Atrizadeh

The technological advancements and the ever-expansive world of cyberspace are in a perpetual state of conflict with individual privacy concerns. For example, a recent research project by the Massachusetts Institute of Technology demonstrates that independent component analysis allows companies to track changes in pulse by the subsequent change in skin color that is readily visible through a video signal. In addition, employers, credit agencies, and health insurance providers can now purchase indexes that contain consumer profiles based on individual consumer’s browsing history, site membership, and online purchases.

The Federal Trade Commission has issued a report that proposes the steps companies can take to ensure optimal protection of consumer privacy. The report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers,” urges companies to incorporate privacy protection in every stage of their products, provide a mechanism against online activity tracking, and fully disclose what user information it shares with other entities.

The California legislature has proposed a new bill that would impose new restrictions on social networking sites, which would limit the information available about users. The proposed legislation would allow users to select privacy settings before ever using the site, which limits the sites accessibility. Social Networking sites, such as Facebook, have responded that such legislation would inappropriately burden the sites, in turn devastating cyber-business in California.